Blog

Security, vulnerabilities and best practice

Style over substance has been an Achilles heel of company websites for too long. Quite rightly, there’s a lot of emphasis placed on how something looks and how it feels to a user, but what about the quality of the code?

We only have to look at the recent examples of TalkTalk and VTech data breaches to see what can happen when aspects of web security are overlooked. Companies that should be beyond reproach have left themselves – and more importantly their customers – open to data theft. And this is not high-level hacking carried out by hard-bitten cyber-criminals, this SQL-injection by 15 year old kids.

These stories are becoming commonplace. TalkTalk estimated the cost of its security breach at £35m in one-off costs – and that’s before we get to the resulting loss of custom. The impact of these breaches of security and customer trust can be felt for months or even years. But it’s not just the really big players that need to ensure they’re complying with best coding practices – it’s everyone.

In an effort to look cutting edge and to appeal to visitors, shoppers, customers and prospects, a common oversight is that of code quality. Many websites are created using templates and plugins that are bloated and poorly coded or simply not updated in line with current threats.We honestly don’t claim to be security experts, but we do know that poorly written code leaves you exposed, so it’s worth making sure that whoever’s responsible for your website creation and maintenance has an eye on what’s changing out there and that your assets are being protected.

Freshleaf specialises in developing websites and applications that look great and provide a high-quality user experience, whilst working hard to ensure that we output really good quality code which follows best practice. This enables your web site and applications to be real assets to your business.

Visit our security page to request a FREE security assessment of your site, or download our checklist for ensuring that your website isn’t committing some of the basic security sins.